| [ Index ] | PHP Cross Reference of Mambo 4.6.5 |
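<?php
/**
* @package Mambo
* @author Mambo Foundation Inc see README.php
* @copyright (C) 2000 - 2009 Mambo Foundation Inc.
* See COPYRIGHT.php for copyright notices and details.
* @license GNU/GPL Version 2, see LICENSE.php
*
* Redistributions of files must retain the above copyright notice.
*
* Mambo is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; version 2 of the License.
*/

/*
 * Pop-up file upload: handles a posted 'userfile' and renders the upload form.
 *
 * Request input:  'directory' (target image folder), 't' (template name for
 *                 the stylesheet link), and the uploaded file 'userfile'.
 * Session input:  'option' and 'task', used to restrict who may reach the form.
 *
 * mosGetParam(), mosNotAuth(), mosChmod(), T_() and _ISO are not defined in
 * this file; they must be supplied by the including script.
 */

// NOTE(review): defining _VALID_MOS here makes the guard on the next statement
// always pass, so it cannot detect direct access. Left in place because the
// including script is not visible from this file; remove this define once it
// is confirmed that the parent entry point defines the constant.
define( "_VALID_MOS", 1 );

/** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// Read the request value first, then clean it. The original ran the clean-up
// before the value was read (and with a pattern PHP does not accept), so the
// request value was used unfiltered.
$directory = mosGetParam( $_REQUEST, 'directory', '' );
if (!is_string( $directory )) {
    $directory = '';
}
// Repeat until stable so that removing one parent-directory sequence cannot
// leave another one behind.
do {
    $directory_before = $directory;
    $directory = str_replace( array( '../', '..\\' ), '', $directory );
} while ($directory !== $directory_before);

// limit access to functionality
$option = strval( mosGetParam( $_SESSION, 'option', '' ) );
$task = strval( mosGetParam( $_SESSION, 'task', '' ) );

switch ($option) {
    case 'com_banners':
        break;

    case 'com_categories':
    case 'com_content':
    case 'com_sections':
    case 'com_typedcontent':
        if ( $task != 'edit' && $task != 'editA' && $task != 'new' ) {
            mosNotAuth();
            return;
        }
        break;

    default:
        mosNotAuth();
        return;
        break;
}

$userfile2=(isset($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : "");
$userfile_name=(isset($_FILES['userfile']['name']) ? $_FILES['userfile']['name'] : "");

if (isset($_FILES['userfile'])) {
    if ($directory!="banners") {
        $base_Dir = "../images/stories/";
    } else {
        $base_Dir = "../images/banners/";
    }

    // A missing name (or an array of names from a multi-file field) cannot be
    // processed; stop here instead of falling through to the checks below.
    if (!is_string( $userfile_name ) || empty( $userfile_name )) {
        echo "<script>alert('".T_('Please select an image to upload') ."'); document.location.href='uploadimage.php';</script>";
        exit();
    }

    // The client-supplied name is validated in full before it is echoed or
    // used in a path: a non-empty base of [0-9a-zA-Z_], exactly one dot, and
    // an extension taken from the allow-lists below.
    $filename = explode( '.', $userfile_name );

    if ($filename[0] === '' || preg_match( '/[^0-9a-zA-Z_]/', $filename[0] )) {
        echo "<script> alert('".T_('File must only contain alphanumeric characters and no spaces please.') ."'); window.history.go(-1);</script>\n";
        exit();
    }

    // Names with more than one dot are refused: checking only the last four
    // characters would let a second, different extension sit in the middle.
    $extension = (count( $filename ) == 2) ? strtolower( $filename[1] ) : '';
    $image_types = array( 'gif', 'jpg', 'png', 'bmp', 'swf' );
    $document_types = array( 'doc', 'xls', 'ppt', 'pdf' );
    $is_document = in_array( $extension, $document_types, true );

    if (!$is_document && !in_array( $extension, $image_types, true )) {
        echo "<script>alert('".T_('The file must be gif, png, jpg, bmp, swf, doc, xls or ppt') ."'); window.history.go(-1);</script>\n";
        exit();
    }

    // Documents go to the media folder, everything else to the image folder.
    // The decision uses the validated extension rather than a substring match
    // anywhere in the name.
    if ($is_document) {
        // NOTE(review): $media_path is not assigned anywhere in this file. It
        // must come from trusted configuration in the including script and
        // never from request data - confirm. Without a usable value the upload
        // is refused rather than written relative to the working directory.
        if (!isset( $media_path ) || !is_string( $media_path ) || $media_path === '') {
            echo "<script>alert('".sprintf(T_('Upload of %s failed'), $userfile_name) ."'); window.history.go(-1);</script>\n";
            exit();
        }
        $target_dir = $media_path;
    } else {
        $target_dir = $base_Dir;
    }
    $target_file = $target_dir.$userfile_name;

    // Check for an existing file in the folder that will actually be written.
    if (file_exists( $target_file )) {
        echo "<script> alert('".sprintf(T_('Image %s already exists.'),$userfile_name) ."'); window.history.go(-1);</script>\n";
        exit();
    }

    if (!move_uploaded_file( $_FILES['userfile']['tmp_name'], $target_file ) || !mosChmod( $target_file )) {
        echo "<script>alert('".sprintf(T_('Upload of %s failed'), $userfile_name) ."'); window.history.go(-1);</script>\n";
        exit();
    }
    else {
        // addslashes keeps quotes or backslashes in the folder path from
        // breaking out of the single-quoted script string.
        echo "<script>alert('".sprintf(T_('Upload of %s to %s successful'), $userfile_name, addslashes( $target_dir )) ."'); window.history.go(-1);</script>\n";
        exit();
    }
}

$iso = explode( '=', _ISO );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upload a file</title>
<meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
<?php
// Request values are escaped where they are written into the page; whatever
// filtering mosGetParam() applies is not visible from this file.
$css = mosGetParam($_REQUEST,"t","");
if (!is_string( $css )) {
    $css = '';
}
?>
<link rel="stylesheet" href="templates/<?php echo htmlspecialchars( $css, ENT_QUOTES ); ?>/css/template_css.css" type="text/css" />
</head>
<body>
<table class="adminform">
<!-- NOTE(review): this form carries no anti-CSRF token; none is visible in this file. -->
<form method="post" action="index3.php?pop=uploadimage.php" enctype="multipart/form-data" name="filename">
<tr>
    <th class="title"> <?php echo T_('File Upload :') ?> <?php echo htmlspecialchars( $directory, ENT_QUOTES ); ?></th>
</tr>
<tr>
    <td align="center">
        <input class="inputbox" name="userfile" type="file" />
    </td>
</tr>
<tr>
    <td>
        <input class="button" type="submit" value="Upload" name="fileupload" />
        <?php echo T_('Max size') ?> = <?php echo ini_get( 'post_max_size' );?>
    </td>
</tr>
<tr>
    <td>
        <input type="hidden" name="directory" value="<?php echo htmlspecialchars( $directory, ENT_QUOTES ); ?>" />
    </td>
</tr>
</form>
</table>
</body>
</html>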
| Mambo API: Mambo is Free software released under the GNU/General Public License, Version 2 |